Talk about hitting the jackpot: A new hacking group waltzed away with 150,000 credit card numbers stolen from a casino last year.
Experts at FireEye said the “Fin5” crew didn’t even break a sweat when it skipped through the unnamed casino’s “flat” IT framework to access the organization’s open payment systems, Hacked reported.
The casino didn’t even have basic firewalls around its payment platforms, according to Emmanuel Jean-Georges and Barry Vengerik, researchers at Mandiant and FireEye. Jean-Georges told the news outlet what the casino had was “a very flat network, single domain, with very limited access controls for access to payment systems.”
“Had this casino hotel operator had even minimal or basic protections in place like a firewall with default deny systems to limit access to PCI (payment systems… it would have slowed down the attackers and hopefully set off red flags,” the researcher said, according to the Hacked report.
In a separate interview with the UK’s The Register, Jean-Georges said his firm investigated at least a dozen attacks by Fin5, but he believed there might be six more hacks that were unaccounted for.
The hacking group, which can be considered “professional grade,” creates its own hacking code to locate credit card data, Vengerik said. Fin5 gets into target organizations using stolen credentials, which ensures no flags are tripped during the initial attack, and then uses this code to find card data. Then, the hackers target Active Directory to unlock more credentials.
Jean-Georges revealed the group uses a rare backdoor—Tornhull—and a VPN—Flipside—to maintain persistence. Flipside was overlooked by a different incident response company after an earlier assault, which prompted Fin5 to return for more thefts, he said.
Fin5’s attacks stopped after the casino implemented a number of security changes, including two-factor authentication and system logging, the researchers said.
Problems with credit card identity thefts in the gambling sector—land-based or otherwise—had players looking for other ways to fund their accounts. Now, there are other payment mechanisms available as an alternative to traditional banking.
One mechanism is PayNearMe, a cash transaction network that makes use of retail locations to allow players to use cash.
“We have created a cash transaction network and, in the case of New Jersey and Nevada, works at 7-11 to allow players to go register with the site and then go to a physical store, give the clerk cash, scan a barcode, and by the time they’re back in their car, their account has been funded with cash,” PayNearMe VP and GM of gaming Christian Solomine told CalvinAyre.com.